VmwareFusion

131 matches found

CVE | added 2008/06/05 8:21 p.m. | 1448 views

CVE-2008-2100

CVE-2008-2100 corresponds to VMware VIX API Multiple Buffer Overflow Vulnerabilities (VMSA-2008-0009). It affects VIX API 1.1.x before 1.1.4 build 93057 across host products (VMware Workstation 5.x/6.x, VMware Player 1.x/2.x, VMware ACE 2.x, VMware Server 1.x, VMware Fusion 1.x, VMware ESXi 3.5, ...

CVSS 7.2 | AI score 7.3 | EPSS 0.00598
CVE | added 2020/03/17 6:41 p.m. | 1209 views

CVE-2020-3950

CVE-2020-3950 affects VMware Fusion (11.x up to 11.5.1/11.5.2), VMware Remote Console for Mac (11.x up to 11.0.1), and Horizon Client for Mac (5.x up to 5.4.0). Root cause: improper use of setuid binaries enabling local privilege escalation from a normal user to root on systems running th...

CVSS 7.8 | AI score 7.8 | EPSS 0.07254
In wild
CVE | added 2018/01/04 1:0 p.m. | 1141 views

CVE-2017-5753

CVE-2017-5753 is part of the Spectre family (Variant 1) described in the SPECTRE_MELTDOWN_ADVISORY: it involves speculative execution and a bounds-check bypass that can enable an unprivileged attacker to read privileged memory via cache timing analysis. IBM’s AIX/VIOS advisories and iFixes addres...

CVSS 5.6 | AI score 6.1 | EPSS 0.93838
CVE | added 2025/03/04 11:56 a.m. | 791 views

CVE-2025-22226

CVE-2025-22226 affects VMware ESXi, Workstation, and Fusion via an out-of-bounds read in HGFS, allowing a VM-guest with local admin rights to leak memory from the vmx host process (information disclosure). Connected sources corroborate three related VMware flaws (CVE-2025-22224, CVE-2025-22225) a...

CVSS 7.1 | AI score 7.7 | EPSS 0.01676
In wild
CVE | added 2019/10/10 4:28 p.m. | 707 views

CVE-2019-5527

CVE-2019-5527 is a use-after-free in the virtual sound device affecting VMware ESXi, Workstation, Fusion, VMRC and Horizon Client. The issue allows a local attacker with low privileges on a guest to potentially execute code on the host, with impact on confidentiality, integrity and availability d...

CVSS 8.8 | AI score 8.6 | EPSS 0.00303
CVE | added 2013/12/04 3:0 p.m. | 432 views

CVE-2013-3519

CVE-2013-3519 concerns a privilege-escalation flaw in VMware’s LGTOSYNC.SYS driver. A crafted memory allocation could allow a guest OS user to gain guest-OS privileges on 32-bit Windows guests. Affected products/versions (per VMSA-2013-0014 and associated advisories): VMware Workstation 9.x befor...

CVSS 7.9 | AI score 6.5 | EPSS 0.00506
CVE | added 2020/09/16 4:13 p.m. | 419 views

CVE-2020-3980

Summary: CVE-2020-3980 affects VMware Fusion 11.x. It is a privilege-escalation vulnerability tied to how Fusion configures the system-wide PATH, allowing a normal-privilege user to trick an admin into running malicious code on the host. The vulnerability is documented with a CVSSv3 base score up...

CVSS 6.7 | AI score 6.8 | EPSS 0.00285
CVE | added 2022/01/04 9:39 p.m. | 323 views

CVE-2021-22045

The CVE-2021-22045 vulnerability is a heap overflow in CD-ROM device emulation affecting multiple VMware products: ESXi (versions 6.5, 6.7, 7.0), Workstation (16.x up to 16.2.0), and Fusion (12.x up to 12.2.0). The underlying issue is a heap overflow in the CD-ROM device emulation, which could en...

CVSS 7.8 | AI score 7.6 | EPSS 0.04681
CVE | added 2022/12/14 12:0 a.m. | 323 views

CVE-2022-31705

CVE-2022-31705 is a heap out-of-bounds write in the USB 2.0 EHCI controller affecting VMware ESXi, Workstation, and Fusion. A local administrator within a guest VM can exploit this to execute code in the VMX process on the host; on ESXi the exploit is contained within the VMX sandbox, while on Wo...

CVSS 8.2 | AI score 8.4 | EPSS 0.01546
CVE | added 2019/09/20 6:0 p.m. | 317 views

CVE-2019-5521

CVE-2019-5521 is an out-of-bounds read vulnerability in VMware's pixel shader pipeline affecting ESXi, Workstation, and Fusion. Exploitation requires access to a VM with 3D graphics enabled and can lead to information disclosure or a host DoS; ESXi mitigations are not enabled by default, while Wo...

CVSS 9.6 | AI score 8.7 | EPSS 0.01628
CVE | added 2020/12/21 3:14 p.m. | 283 views

CVE-2020-3999

CVE-2020-3999 affects VMware ESXi (7.0 with patch ESXi70U1c-17325551), VMware Workstation (16.x before 16.0 and 15.x before 15.5.7), VMware Fusion (12.x before 12.0 and 11.x before 11.5.7) and VMware Cloud Foundation. The vulnerability is a denial of service caused by improper input validation in...

CVSS 6.5 | AI score 6.2 | EPSS 0.00349
CVE | added 2023/04/25 12:0 a.m. | 278 views

CVE-2023-20872

CVE-2023-20872 affects VMware Workstation and VMware Fusion, describing an out-of-bounds read/write vulnerability in the SCSI CD/DVD device emulation. The issue can allow a guest VM with a CD/DVD drive configured to use a virtual SCSI controller to execute code on the host hypervisor, implying po...

CVSS 8.8 | AI score 8.5 | EPSS 0.00867
CVE | added 2022/02/16 4:37 p.m. | 245 views

CVE-2021-22040

Vulnerability CVE-2021-22040 affects VMware ESXi, Workstation, and Fusion due to a use-after-free in the XHCI USB controller. The issue lets a malicious actor with local VM admin privileges execute code as the host VMX process running on the host. This is a host-level impact triggered from within...

CVSS 6.7 | AI score 7.2 | EPSS 0.00698
CVE | added 2020/03/16 5:21 p.m. | 236 views

CVE-2020-3947

Summary: CVE-2020-3947 affects VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2). The issue is a use-after-free vulnerability in the vmnetdhcp component that can allow a guest to impact the host. Exploitation may lead to code execution on the host from the guest or cause a...

CVSS 8.8 | AI score 8.7 | EPSS 0.00636
CVE | added 2024/03/05 5:58 p.m. | 236 views

CVE-2024-22255

CVE-2024-22255 is an information disclosure vulnerability in the UHCI USB controller affecting VMware ESXi, Workstation, and Fusion. A malicious actor with administrative access inside a guest VM can leak memory from the VMX process, potentially exposing sensitive data. The issue is documented wi...

CVSS 7.1 | AI score 7.7 | EPSS 0.02311
CVE | added 2022/02/16 4:37 p.m. | 225 views

CVE-2021-22041

CVE-2021-22041 is a double-fetch vulnerability in the UHCI USB controller affecting VMware ESXi, Workstation, and Fusion. The flaw allows a malicious actor with local VM-level administrative privileges to execute code as the VMX process running on the host, via isochronous USB endpoints. Red Hat ...

CVSS 6.7 | AI score 7.1 | EPSS 0.00552
CVE | added 2020/11/20 7:6 p.m. | 205 views

CVE-2020-4004

CVE-2020-4004 is a use-after-free in the XHCI USB controller affecting VMware ESXi (7.0 before ESXi70U1b-17168206; 6.7 before ESXi670-202011101-SG; 6.5 before ESXi650-202011301-SG), VMware Workstation (15.x before 15.5.7), and VMware Fusion (11.x before 11.5.7). The underlying issue allows a mali...

CVSS 8.2 | AI score 7.8 | EPSS 0.00392
CVE | added 2017/06/08 1:0 p.m. | 193 views

CVE-2017-4901

The CVE-2017-4901 entry relates to VMware Workstation 12.x (before 12.5.4) and VMware Fusion 8.x (before 8.5.5), where the drag-and-drop (DnD) function has an out-of-bounds memory access vulnerability. The cited sources describe a potential for a guest operating system to execute code on the host...

CVSS 9.9 | AI score 7.3 | EPSS 0.1994
CVE | added 2023/04/25 12:0 a.m. | 189 views

CVE-2023-20869

CVE-2023-20869 is a stack-based buffer overflow in VMware Workstation 17.x and VMware Fusion 13.x related to sharing host Bluetooth devices with the VM. Public reports and Vulners-derived references confirm this vulnerability, which can allow a local attacker with VM-level privileges to execute c...

CVSS 8.2 | AI score 8.4 | EPSS 0.02036
CVE | added 2022/02/16 4:37 p.m. | 183 views

CVE-2021-22043

CVE-2021-22043 affects VMware ESXi. It is a TOCTOU vulnerability in how temporary files are handled by the settingsd service, enabling a user with access to settingsd to escalate privileges by writing arbitrary files. The issue is discussed alongside related flaws (CVE-2021-22040/22041/22042/2205...

CVSS 7.5 | AI score 7.7 | EPSS 0.01035
CVE | added 2024/03/05 5:57 p.m. | 181 views

CVE-2024-22252

Summary of CVE-2024-22252: VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges inside a VM can exploit this to execute code as the VMX process on the host; on ESXi the effect is contained w...

CVSS 9.3 | AI score 9.5 | EPSS 0.03542
CVE | added 2018/10/16 8:0 p.m. | 171 views

CVE-2018-6974

CVE-2018-6974 describes an out-of-bounds read in the SVGA device affecting VMware ESXi (various older builds), VMware Workstation (14.x before 14.1.3), and VMware Fusion (10.x before 10.1.3). The issue could allow a guest to execute code on the host due to SVGA parsing/reading flaws. Affected pro...

CVSS 8.8 | AI score 8.6 | EPSS 0.00475
CVE | added 2017/09/15 1:0 p.m. | 166 views

CVE-2017-4924

CVE-2017-4924 is a VMware SVGA out-of-bounds write vulnerability that can allow a guest VM to execute code on the host. Affected products and versions (per provided docs): ESXi 6.5 prior to patch ESXi650-201707101-SG; VMware Workstation 12.x prior to 12.5.7; VMware Fusion 8.x prior to 8.5.8. The ...

CVSS 8.8 | AI score 8.7 | EPSS 0.00608
CVE | added 2023/04/25 12:0 a.m. | 165 views

CVE-2023-20871

Summary (CVE-2023-20871): VMware Fusion contains a local privilege escalation flaw. A user with read/write access to the host OS can elevate privileges to gain root on the host. The vulnerability is characterized as an “Important” issue affecting Fusion (and related VMware blurbs note it as part o...

CVSS 7.8 | AI score 8 | EPSS 0.00384
CVE | added 2020/07/10 1:14 p.m. | 164 views

CVE-2020-3974

CVE-2020-3974 affects VMware Fusion 11.x (pre-11.5.5), VMware Remote Console for Mac 11.x (pre-11.2.0), and Horizon Client for Mac 5.x (pre-5.4.3). It is a local privilege-escalation due to improper XPC Client validation, allowing a normal-privilege user to gain root access. Exploitation requires...

CVSS 7.8 | AI score 8 | EPSS 0.00359
CVE | added 2024/02/27 5:35 p.m. | 161 views

CVE-2024-22251

VMware Workstation and Fusion contain an out-of-bounds read in the USB CCID (chip card interface device). A malicious actor with local administrative privileges inside a VM may trigger an out-of-bounds read, leading to information disclosure. Publicly documented impact and remediation are tied to...

CVSS 5.9 | AI score 5.4 | EPSS 0.00226
CVE | added 2020/10/20 4:8 p.m. | 160 views

CVE-2020-3981

CVE-2020-3981 affects VMware products (ESXi, Workstation, Fusion) with an out-of-bounds read caused by a TOCTOU in the ACPI device. An attacker with VM-level admin access can leak memory from the vmx process. CVE-2020-3982 is a related out-of-bounds write in the same ACPI TOCTOU path, potentially...

CVSS 5.8 | AI score 6.2 | EPSS 0.00792
CVE | added 2018/08/15 12:0 p.m. | 157 views

CVE-2018-6973

CVE-2018-6973 affects VMware Workstation 14.x prior to 14.1.3 and VMware Fusion 10.x prior to 10.1.3. The vulnerability is an out-of-bounds write in the e1000 device that may allow a guest to execute code on the host. ZDI notes that exploitation requires the attacker to run code on the guest (loc...

CVSS 8.8 | AI score 8.7 | EPSS 0.00494
CVE | added 2018/12/04 2:0 p.m. | 149 views

CVE-2018-6981

CVE-2018-6981 describes an uninitialized stack memory issue in the vmxnet3 virtual network adapter that could allow a guest to execute code on the host. Affected VMware products include ESXi 6.7 (without ESXi670-201811401-BG), ESXi 6.5 (without ESXi650-201811301-BG), ESXi 6.0 (without ESXi600-201...

CVSS 8.8 | AI score 8.7 | EPSS 0.01272
CVE | added 2013/02/11 10:0 p.m. | 148 views

CVE-2013-1406

CVE-2013-1406 affects VMware VMCI in vmci.sys across VMware Workstation (8.x before 8.0.5; 9.x before 9.0.1), VMware Fusion (4.1 before 4.1.4; 5.0 before 5.0.2), VMware View (4.x before 4.6.2; 5.x before 5.1.2), VMware ESXi/ESX (4.0–5.1). Root cause: improper restriction of memory allocation by V...

CVSS 7.2 | AI score 6.3 | EPSS 0.00968
Web
CVE | added 2019/04/01 8:39 p.m. | 144 views

CVE-2019-5519

CVE-2019-5519 describes a TOCTOU vulnerability in the virtual USB 1.1 UHCI on VMware products. A guest VM with a virtual USB controller can potentially execute code on the host. Affected: VMware ESXi (various 6.x versions), Workstation (14.x/15.x), and Fusion (10.x/11.x) before the patched builds...

CVSS 7.2 | AI score 7.5 | EPSS 0.01004
CVE | added 2024/03/05 5:57 p.m. | 142 views

CVE-2024-22253

CVE-2024-22253 is a use-after-free in the UHCI USB controller affecting VMware ESXi, Workstation, and Fusion. A malicious actor with local VM admin privileges can exploit it to execute code as the VMX process on the host; on ESXi this is contained within the VMX sandbox, while Workstation/Fusion ...

CVSS 9.3 | AI score 9.5 | EPSS 0.00645
CVE | added 2019/04/01 8:39 p.m. | 140 views

CVE-2019-5518

CVE-2019-5518 concerns an out-of-bounds read/write in the virtual USB 1.1 UHCI for VMware products. A guest VM with a virtual USB controller can potentially execute code on the host. Affected: VMware ESXi (6.0/6.5/6.7), Workstation (14.x/15.x), and Fusion (10.x/11.x). Root cause: out-of-bounds ac...

CVSS 7.2 | AI score 7.5 | EPSS 0.00792
CVE | added 2018/03/15 7:0 p.m. | 138 views

CVE-2018-6957

CVE-2018-6957 affects VMware Workstation Pro/Player (14.x prior to 14.1.1; 12.x) and VMware Fusion (10.x prior to 10.1.1 and 8.x). The vulnerability is a denial-of-service that can be triggered by opening a large number of VNC sessions; exploitation requires VNC to be manually enabled. Public-fac...

CVSS 5.3 | AI score 5.1 | EPSS 0.01654
CVE | added 2017/12/20 3:0 p.m. | 136 views

CVE-2017-4941

CVE-2017-4941 affects VMware products: ESXi 6.0 (pre-ESXi600-201711101-SG) and ESXi 5.5 (pre-ESXi550-201709101-SG); Workstation 12.x (pre-12.5.8); and Fusion 8.x (pre-8.5.9). The vulnerability is a stack overflow in the remote management function triggered by a specific set of VNC packets, which ...

CVSS 8.8 | AI score 8.7 | EPSS 0.03157
CVE | added 2009/04/13 4:0 p.m. | 135 views

CVE-2009-1244

CVE-2009-1244 is a VMware-hosted products issue where a guest OS could execute code on the host via the virtual machine display function. Affected products include VMware Server/Player/Workstation and related hosted ESX/ESXi components (as described in the CVE record). The root cause is described...

CVSS 6.8 | AI score 6.8 | EPSS 0.01998
CVE | added 2016/01/09 2:0 a.m. | 134 views

CVE-2015-6933

CVE-2015-6933 affects VMware Tools HGFS across VMware Workstation (11.x prior to 11.1.2), VMware Player (7.x prior to 7.1.2), VMware Fusion (7.x prior to 7.1.2), and VMware ESXi (5.0–6.0). Root cause: HGFS/shared folders component vulnerability leading to guest OS privilege escalation or guest ke...

CVSS 6.5 | AI score 6.1 | EPSS 0.0151
CVE | added 2017/06/07 6:0 p.m. | 134 views

CVE-2017-4905

CVE-2017-4905 affects VMware ESXi (multiple versions) and VMware Workstation/Fusion up to specific builds, caused by uninitialized memory usage that could leak information. Connected documents provide concrete details: affected products/versions, the root cause (uninitialized memory), and impact ...

CVSS 5.5 | AI score 6.5 | EPSS 0.01204
CVE | added 2018/12/04 2:0 p.m. | 134 views

CVE-2018-6982

CVE-2018-6982 affects VMware ESXi 6.5 and 6.7 (and related VMware products) due to uninitialized stack memory usage in the vmxnet3 virtual network adapter, which may leak information from host to guest when vmxnet3 is enabled. The Connected documents corroborate that ESXi 6.7 requires ESXi670-201...

CVSS 6.5 | AI score 7.2 | EPSS 0.00452
CVE | added 2019/04/01 8:21 p.m. | 133 views

CVE-2019-5514

CVE-2019-5514 is a VMware Fusion vulnerability where unauthenticated APIs accessible through a web socket can be abused to trick the host user into running JavaScript on the guest via VMware Tools, potentially enabling commands on the guest. Affected product: VMware Fusion 11.x prior to 11.0.3. M...

CVSS 8.8 | AI score 8.7 | EPSS 0.03484
CVE | added 2018/01/05 2:0 p.m. | 128 views

CVE-2017-4945

CVE-2017-4945 affects VMware Workstation (14.x, 12.x), Fusion (10.x, 8.x) and VMware Tools. Root cause: guest access control weakness that may allow code execution via Unity on locked Windows VMs. Affected components/versions: VMware Tools prior to 10.2.0; Tools 10.2.0 fixes this issue and is pac...

CVSS 5.5 | AI score 5.9 | EPSS 0.00435
CVE | added 2023/10/20 8:56 a.m. | 128 views

CVE-2023-34044

CVE-2023-34044 is an out-of-bounds read vulnerability in VMware Workstation 17.x before 17.5 and VMware Fusion 13.x before 13.5, in the Bluetooth host-device sharing function. A local attacker with VM privileges can read sensitive information from hypervisor memory. No exploit details are provide...

CVSS 7.1 | AI score 6 | EPSS 0.00204
CVE | added 2009/11/02 3:0 p.m. | 124 views

CVE-2009-2267

CVE-2009-2267 affects VMware products (Workstation, Player, ACE, Server, Fusion, ESXi/ESX) where Virtual-8086 mode is used. The root cause is an improper setting of the exception code on a page fault (#PF), allowing guest OS users to gain privileges on the guest OS by supplying a crafted value fo...

CVSS 6.9 | AI score 6.6 | EPSS 0.01769
In wild
CVE | added 2024/09/03 9:47 a.m. | 124 views

CVE-2024-38811

VMware Fusion for macOS versions 13.x before 13.6 contains a code‑execution vulnerability due to insecure handling of an environment variable. The root cause is an insecure environment variable usage inside the Fusion application, which could allow a local attacker with standard user privileges t...

CVSS 8.8 | AI score 8.4 | EPSS 0.0028
CVE | added 2024/05/21 5:29 p.m. | 122 views

CVE-2024-22273

CVE-2024-22273 affects VMware ESXi, Workstation, and Fusion storage controllers, with an out-of-bounds read/write flaw that may let a VM-adjacent attacker cause a denial of service or, in conjunction with other issues, execute code on the hypervisor. Exploitation is described as local (requires a...

CVSS 8.1 | AI score 7.1 | EPSS 0.00163
CVE | added 2018/07/25 1:0 p.m. | 121 views

CVE-2018-6972

Summary of CVE-2018-6972 details from provided documents: VMware products — ESXi (versions listed as affected before certain update bundles), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) — are affected by a denial-of-service vulnerability due to a NULL pointer dereference in...

CVSS 6.5 | AI score 6.3 | EPSS 0.02999
CVE | added 2020/06/25 2:50 p.m. | 121 views

CVE-2020-3963

CVE-2020-3963 affects VMware ESXi (7.0 pre-7.0.0-1.20.16321839; 6.7 pre-670-202006401-SG; 6.5 pre-650-202005401-SG), Workstation 15.x pre-15.5.2, and Fusion 11.x pre-11.5.2 with a use-after-free in PVNVRAM that could allow a local attacker with VM access to read privileged memory. VMware’s VMSA-2...

CVSS 5.5 | AI score 5.9 | EPSS 0.0055
CVE | added 2015/01/29 6:0 p.m. | 118 views

CVE-2015-1043

Affected products and component: VMware HGFS in Workstation 10.x (before 10.0.5), VMware Player 6.x (before 6.0.5), and VMware Fusion 6.x (before 6.0.5) and 7.x (before 7.0.1). Vulnerability and impact: HGFS input validation flaw that allows guest OS users to cause a guest OS denial of service. T...

CVSS 3.3 | AI score 3.6 | EPSS 0.00786
CVE | added 2020/06/25 2:51 p.m. | 117 views

CVE-2020-3964

CVE-2020-3964 is an information-leak vulnerability in the EHCI USB controller affecting VMware products. A local attacker with access to a guest VM can read privileged information from the hypervisor memory, under conditions described by VMware and Red Hat/CNVD disclosures. Affected are: ESXi 7.0...

CVSS 4.7 | AI score 5.5 | EPSS 0.00471
CVE | added 2020/06/25 2:54 p.m. | 116 views

CVE-2020-3965

CVE-2020-3965 affects VMware ESXi, Workstation, and Fusion, describing an information-leak in the XHCI USB controller that could let a local VM attacker read privileged information from hypervisor memory. Affected: ESXi 7.0 (pre-1.20.16321839), 6.7 (pre-670-202006401-SG), 6.5 (pre-650-202005401-S...

CVSS 5.5 | AI score 6 | EPSS 0.00587
Total number of security vulnerabilities: 131